The Fingerprint Unlock On Your Phone Can Be Hacked

Two researchers from the Department of Computer Science and Engineering at Michigan State University have devised a way to bypass fingerprint unlock security on mobile devices. Kai Cao and Anil K. Jain published the tutorial and the materials needed can be bought off the shelf. The hack takes less than 15 minutes and it was tested on Samsung Galaxy S6 and Huawei Honor 7.

Hacking Samsung Galaxy S6 was relatively easier but the researchers claim that Huawei Honor 7 was a bit difficult. In a video uploaded to YouTube demonstrating the process, it was revealed that the materials needed include an inkjet printer, a few drops of conductive ink that contains silver and a special paper from a Japanese manufacturer called AgIC used for printing electronic circuits.

Spoofing the fingerprint isn’t really difficult with the needed materials on ground. A hacker can easily lift the fingerprint from a stolen phone and have it spoofed to carry out the hack.

A spoofing method exists already using a 3D printer as proposed by Chaos Computer Club in Berlin but the method is more expensive and takes more time. A Samsung spokesperson told the Guardian:

Samsung takes fingerprint security very seriously, and we would like to assure that users’ fingerprints are encrypted and securely stored within our devices equipped with fingerprint sensors. As the report itself points out, it takes specific equipment, supplies and conditions to simulate a person’s fingerprint, including being in possession of the fingerprint owner’s phone to unlock the device. If at any time there is a credible potential vulnerability we will act promptly to investigate and resolve the issue.

Huawei too responded to the report:

We are aware of various reports which make the claim that vulnerabilities exist in fingerprint sensor technology used by several manufacturers, including Honor. We have equipped Honor 7 with a chipset-level security solution in which personal data in the form of fingerprint images is protected with hardware. This solution is significantly superior to that of most other Android phones.

This report further proves that security is only an illusion. The researchers reportedly said this same method didn’t work on iPhone 5s and Meizu MX4 Pro. With more devices using fingerprint unlock for sensitive activities like payment, it becomes even more important for manufacturers to further tighten security with anti-spoofing measures. You can read the full report here.

The Fingerprint Unlock On Your Phone Can Be Hacked
Reviewed by Chukwumah Rapheal
on
March 10, 2016
Rating: 5